Full Disclosure: Re: Senior M$ member says stop using passwords completely!

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Senior M$ member says stop using passwords completely!

From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 20 Oct 2004 10:45:41 -0700

On 16 Oct 2004, at 07:46, Tim wrote:

"Pre-computation attacks are a somewhat new and interesting phenomenon
we are starting to encounter 'in the wild' through chainsaw security
consultants. What they do is they pre-compute all of the possible LMorNT password hashes of a given length with a given character set andburn
the pre-computed password-hash-to-password-mappings to DVD.  Heck they
can even submit their request to have your password hash reversed back
into a password using a web page someone has setup to do the job foryou
(sorry, not going to give out THAT URL here.) . . . for free!"


To save everyone the looking:

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Attachment: PGP.sig
Description: This is a digitally signed message part

By Date By Thread

Current thread:

Websphere 3.5, (continued)
- RE: Senior M$ member says stop using passwords completely! Aviv Raff (Oct 16)
  - RE: Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 20)
  - Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
    - Re: Senior M$ member says stop using passwords completely! Maarten (Oct 20)